Summary of the Report

In recent years, a wide range of companies
has started to monitor, track, and follow people in virtually all aspects
of their lives. The behaviors, movements, social relationships, interests,
weaknesses, and most private moments of billions are now constantly recorded,
evaluated, and analyzed in real-time. The collection and exploitation of
personal information has become a multi-billion industry. The pervasive
surveillance machine that was developed for online advertising is now rapidly
expanding into other fields, from pricing to political communication to
credit scoring to risk management. At the same time, only the tip of the
iceberg of data and profiling activities is visible to individuals. Much of it
occurs in the background and remains opaque and barely understood by most consumers,
as well as by civil society, journalists, and policymakers.

The report “Corporate Surveillance in
Everyday Life” examines the inner workings of today’s personal data industry in
detail. Based on years of research and the previous 2016 report „Networks of Control“,
the investigation shines light on the actual practices and hidden data flows
between companies. It maps the structure and scope of today’s digital
tracking and profiling ecosystems and explores data-gathering
technologies, platforms, devices, and business models, as well as key recent
developments, placing a strong focus on elucidating its societal implications.

The report shows that a vast landscape of
data companies has emerged that continuously share and trade digital profiles with
one another. This landscape consists not only of large platforms such as Google
and Facebook, credit reporting agencies, marketing data brokers, and digital
advertising companies, but also of myriads of other businesses that sell products
or services to consumers in sectors such as retail, consumer goods, media and publishing,
telecommunications, and financial services. A big step into systematic consumer
surveillance occurred in the 1990s through database marketing, loyalty
programs, and advanced consumer credit reporting. After the rise of the
Internet and online advertising in the early 2000s and the advent of social
networks, smartphones, and programmatic advertising in the late 2000s, we are
now witnessing a new phase defined by the traditional consumer data industries
joining forces with the digital data industries.

Companies utilize data on consumers in
order to take economic advantage. In particular, two – sometimes related –
aspects of commercial tracking and profiling raise concerns:

Pervasive social sorting. A wide range of companies can now identify, categorize, assess,
rate, and rank consumers across platforms and devices. Every click on a
website and every swipe on a smartphone may trigger a wide variety of
hidden data sharing mechanisms distributed across several companies and, as a
result, directly affect a person’s available choices. In addition,
behavioral data about everyday life is increasingly used to make automated
decisions on groups of people in crucial areas such as finance, insurance, and
healthcare. Both many trivial and single consequential outcomes of this
permanent sorting may lead to cumulative disadvantage, discrimination and
exclusion, and may reinforce or even worsen existing inequalities.

Data-driven persuasion. Digital tracking and profiling, in combination with advanced
customer management technologies, personalization and testing, has become a powerful
tool set to systematically influence people’s behavior. Companies optimize
their modes of data-driven persuasion to make users visit a website, click on
an ad, register for a service, subscribe to a newsletter, download an app, or
purchase a product. They can also use their data wealth to personalize prices
by predicting how valuable someone might be as customer in the long term or how
much someone is probably willing to pay in a specific moment. Similarly,
politicians can target voters with messages adapted to their personality and
political views on certain issues.

Three key developments in recent years have
rapidly introduced unprecedented new qualities of how data can be strategically
abused against individuals and groups of people. First, companies have started
to combine and link data from the web and smartphones with the customer data
and offline information that they have been amassing for decades. Second, businesses
in all industries can now capture and measure every interaction with a consumer
in real-time, including on websites, platforms, and devices that they do not
control themselves. Third, the distinction between the use of data for
marketing and for risk management is blurring more and more:

Marketing and risk. Data that has been collected in the contexts of credit scoring,
identity verification, fraud prevention, payment processing, or even healthcare
increasingly find application in customer relationship management, online
targeting, and other marketing purposes. Furthermore, data and analytics
companies that perform risk assessments of individuals have started to provide
their clients with services that integrate and unify data for risk management,
customer relationship management, and marketing. Most marketing data brokers
also trade many kinds of sensitive information about consumers, including about
their financial situation.

Real-time fraud detection. Digital fraud detection services use highly invasive technologies
to evaluate billions of online transactions in order to identify devices,
individuals, and suspicious behaviors. They combine data collected for online
fraud detection with offline identity records and information about someone’s
financial situation. The two faces of real-time tracking – online advertising
that constantly evaluates each individual’s economic potential and fraud
detection that gauges a given person’s risk potential – are increasingly being enmeshed
and integrated with one another.

While the picture is becoming clearer,
large parts of the systems in place still remain in the dark. Enforcing
transparency about corporate data practices remains one of several key prerequisites
to resolving the massive information asymmetries and power imbalances between
data companies and the people they process data on. Hopefully this report’s
findings will encourage further work by scholars, journalists, and others in
the fields of civil rights, data protection, consumer protection – and,
ideally, also by policymakers and the companies themselves.

Author Info

The author of the report, Wolfie Christl,
is a technologist, researcher, writer, and digital rights activist based in
Vienna, Austria. In 2013, he co-created Data
Dealer, an award-winning online game on personal data and privacy. His 2016
book Networks of Control
is, according to the “International Association of Privacy Professionals”, a
“slow-burning horror film”, and, according to Paul Nemitz, Director Fundamental
Rights at the Directorate-General Justice of the European Commission, “a
must-read for anyone who is interested in today's data-driven world”. Wolfie Christl
has presented his research in the European Parliament, has contributed to TV documentaries about digital tracking,
works as a trainer for employee privacy, and writes for newspapers such as the
German FAZ.
From 2000 to 2006 he was a part of Public Netbase, a digital art platform,
non-profit ISP, and somewhat of an early hackerspace in Vienna. He and his
projects have been featured in the New York Times, Forbes, and many other media
outlets around the world.

Cracked Labs

Cracked Labs is an independent research institute
and creative laboratory based in Vienna, Austria. It investigates the
socio-cultural impacts of information technology and develops social
innovations in the field of digital culture. Cracked Labs is a non-profit
organization. It was established in 2012 to strengthen a participatory and
self-determined use of information and communication technology as well as the
free access to knowledge and information – independently from commercial or
governmental interests.

Contents of the Report

Relevant players within the business of personal data:

Businesses in all industries

Media organizations and digital publishers

Telecom companies and Internet Service Providers

Devices and Internet of Things

Financial services and insurance

Public sector and key societal domains

Future developments?

The Risk Data Industry:

Rating people in finance, insurance and employment

Credit scoring based on digital behavioral data

Identity verification and fraud prevention

Online identity and fraud scoring in real-time

Investigating consumers based on digital records

The Marketing Data Industry:

Sorting and ranking consumers for marketing

The rise of programmatic advertising technology

Connecting offline and online data

Recording and managing behaviors in real-time

Collecting identities and identity resolution

Managing consumers with CRM, CIAM and MDM

Examples of Consumer Data Broker Ecosystems:

Acxiom, its services, data providers, and partners

Oracle as a consumer data platform

Key Developments in Recent Years:

Networks of digital tracking and profiling

Large-scale aggregation and linking of identifiers

“Anonymous” recognition

Analyzing, categorizing, rating and ranking people

Real-time monitoring of behavioral data streams

Mass personalization

Testing and experimenting on people

Mission creep – everyday life, risk assessment and marketing

The production of this report, web materials, and illustrations was supported by the Open Society Foundations.